feat(credentials): guest-side helper + integration tests (Phase 1)

Adds the missing guest-facing surface for the scoped-credentials feature
defined in hyperlight:sandbox/credentials (Phase 1 host plumbing landed in
the earlier WIT/RootImports/CredentialRegistry commits).

Guest helper additions (src/wasm_sandbox/guests/python):
- sandbox_executor.py: credential= kwarg on http_get / http_post / the
  shared _http_request helper, plus standalone attach_credential(req, id)
  for callers building wasi-http requests by hand.
- hyperlight.py: re-export attach_credential so guest scripts can rom
  hyperlight import attach_credential.

Tests (src/wasm_sandbox/tests/credential_integration.rs, 8 cases):
- credential_header_injected_on_get / _on_post  -> happy path
- no_credential_means_no_auth_header            -> default unchanged
- duplicate_credential_registration_rejected    -> registry rejects re-use
- unknown_credential_raises_error               -> unknown id surfaces error
- guest_cannot_override_credential_header       -> host injection wins
- scope_mismatch_denied                         -> scope enforcement
- double_attach_rejected                        -> single-attach invariant

All 8 pass via just wasm test and direct cargo test.

Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

Author: simongdavies

src/wasm_sandbox/guests/python/hyperlight.py

@@ -2,5 +2,6 @@
 
 from sandbox_executor import _call_tool as call_tool
 from sandbox_executor import http_get, http_post
+from sandbox_executor import attach_credential
 
-__all__ = ["call_tool", "http_get", "http_post"]
+__all__ = ["call_tool", "http_get", "http_post", "attach_credential"]

src/wasm_sandbox/guests/python/sandbox_executor.py

@@ -15,6 +15,7 @@
 import wit_world.imports.tools as tools
 import wit_world.imports.outgoing_handler as outgoing_handler
 import wit_world.imports.wasi_http_types as http_types
+import wit_world.imports.credentials as credentials
 
 
 def _call_tool(tool_name: str, **kwargs):
@@ -26,17 +27,30 @@ def _call_tool(tool_name: str, **kwargs):
     return json.loads(result_json)
 
 
-def http_get(url: str) -> dict:
-    """Make an HTTP GET request via WASI-HTTP. Returns {"status": int, "body": str}."""
-    return _http_request("GET", url)
+def http_get(url: str, credential: str = None) -> dict:
+    """Make an HTTP GET request via WASI-HTTP. Returns {"status": int, "body": str}.
 
+    If credential is set, attaches the named credential to the request.
+    The host will inject the credential's header at dispatch time — the
+    guest never sees the secret value.
+    """
+    return _http_request("GET", url, credential=credential)
 
-def http_post(url: str, body: str = "", content_type: str = "application/json") -> dict:
-    """Make an HTTP POST request via WASI-HTTP. Returns {"status": int, "body": str}."""
-    return _http_request("POST", url, body=body, content_type=content_type)
 
+def http_post(url: str, body: str = "", content_type: str = "application/json",
+              credential: str = None) -> dict:
+    """Make an HTTP POST request via WASI-HTTP. Returns {"status": int, "body": str}.
 
-def _http_request(method: str, url: str, body: str = "", content_type: str = "") -> dict:
+    If credential is set, attaches the named credential to the request.
+    The host will inject the credential's header at dispatch time — the
+    guest never sees the secret value.
+    """
+    return _http_request("POST", url, body=body, content_type=content_type,
+                         credential=credential)
+
+
+def _http_request(method: str, url: str, body: str = "", content_type: str = "",
+                  credential: str = None) -> dict:
     """Internal: make an HTTP request via WASI-HTTP outgoing-handler."""
     # Parse URL into scheme, authority, path
     scheme_str, rest = url.split("://", 1) if "://" in url else ("https", url)
@@ -81,6 +95,16 @@ def _http_request(method: str, url: str, body: str = "", content_type: str = "")
     req.set_authority(authority)
     req.set_path_with_query(path)
 
+    # Attach credential if specified — the host resolves the secret
+    # and injects the header at dispatch time.
+    if credential is not None:
+        try:
+            credentials.attach(req, credential)
+        except Exception as e:
+            raise RuntimeError(
+                f"Failed to attach credential '{credential}': {e}"
+            ) from e
+
     # Write body if present
     if body:
         outgoing_body = req.body()
@@ -138,6 +162,23 @@ def _http_request(method: str, url: str, body: str = "", content_type: str = "")
     return {"status": status, "body": body_text}
 
 
+def attach_credential(request, credential_id: str):
+    """Attach a registered credential to an outgoing-request by name.
+
+    Low-level helper for guests building WASI-HTTP requests manually.
+    Most callers should use the `credential=` kwarg on `http_get`/`http_post`
+    instead.
+
+    Raises RuntimeError if the credential is unknown or already attached.
+    """
+    try:
+        credentials.attach(request, credential_id)
+    except Exception as e:
+        raise RuntimeError(
+            f"Failed to attach credential '{credential_id}': {e}"
+        ) from e
+
+
 class Executor:
     """Implements the WIT executor interface for componentize-py."""
 
@@ -152,7 +193,13 @@ def run(self, code: str) -> ExecutionResult:
 
         exit_code = 0
         try:
-            exec(code, {"__builtins__": __builtins__, "call_tool": _call_tool, "http_get": http_get, "http_post": http_post})
+            exec(code, {
+                "__builtins__": __builtins__,
+                "call_tool": _call_tool,
+                "http_get": http_get,
+                "http_post": http_post,
+                "attach_credential": attach_credential,
+            })
         except SystemExit as e:
             exit_code = e.code if isinstance(e.code, int) else 1
         except Exception as e: